Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> Hi,
>
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.
>
> There must be better solutions, but I can't seem to find them. What I
> would like to have is an editor that has built-in encryption or gpg
> integration, and the option not to store any non-encrypted data on disk
> or on the clipboard.
>
> Is something like this available?
There are several possibilities. A great deal depends on your threat model:
What are you trying to protect against?
It sounds like you're worried about someone searching your raw disk and
recovering data. For that, you probably want to encrypt entire partitions,
and also make sure swap and /tmp are protected. There's good discussion and
several possibilities listed in the Encryption-HOWTO:
(http://fachschaft.physik.uni-bielefeld.de/leute/marc/Encryption-HOWTO/Encryption-HOWTO.html)
I personally would be tempted to use Matt Blaze's CFS
(ftp://research.att.com/dist/mab/cfs.announce), but I actually store all of my
sensitive files on a separate secured machine. (no network daemons, etc.)
If you have more extreme secrecy needs, you might want to look into duress
filesystems or steganographic file storage. Those are only really useful if
you might need to plausibly deny that you had the encrypted files at all.
I'm also not aware of any available implementations.
Jon Leonard
Reply to: